Configuring Okta SCIM integration

Use this guide to configure and install the Nintex K2 Cloud app in Okta. The app lets you use the OAuth 2.0 Authorization Code grant flow as your method of authentication and SCIM as your method of identity provisioning.


  • Nintex K2 Cloud instance: the Nintex K2 Cloud platform provisioned by the Nintex Cloud Ops team.
  • Nintex K2 Cloud app: the application in Okta set up to provision identities using the SCIM protocol.


Ensure that you have the following before you start configuring Okta:

  • An Okta account with admin privileges
  • To enable SCIM API integration and interact with Okta users and groups, you must have an account with either Super Admin rights or the following roles:
    • Org Admin
    • App Admin
    • API Access Management Admin
    For more information, see Standard administrator roles and permissions.
  • A Nintex K2 Cloud instance on-boarded with SCIM by the Nintex Cloud Operations team, together with the following information from them:
    • Authority
    • BaseUrl
    • Token

Supported Features

The Okta SCIM integration for a Nintex K2 Cloud instance currently supports the following features:

  • SP-initiated SSO
  • Create Users
  • Update User Attributes
  • Deactivate/Reactivate Users
  • Group Push


Use these steps to configure the Nintex K2 Cloud app in Okta.

Sign in to Okta with the user account that was on-boarded by the Nintex Cloud Operations team. That user should have the Application Administrator role granted to it in Okta.

Nintex K2 Cloud next steps

Sign in to any Nintex K2 site within your Nintex K2 Cloud tenant using the login credentials of an Okta account that was assigned in Step 2: Assign people and groups to the Nintex K2 Cloud app.

If you cannot sign in, the two most common errors and their troubleshooting tips are:

  • User not found error - this user is not in Sync Engine, and there may be a problem with the provisioning in Okta. See the Step 3: Error checking section in this guide.
  • ClaimTypeMapping not found - there may be a problem with the Nintex K2 Cloud on-boarding process. Contact Nintex Customer Central to log a support ticket.

  • FQN not found error - ETL is not yet complete. The time it takes for ETL to complete depends on the number of users being provisioned but is usually less than 30 minutes. If you believe there's a problem, contact Nintex Customer Central to log a support ticket.

For more information on Identity Providers in Nintex K2 Cloud and the Nintex K2 Sync Service, see the User Guide Identity Providers topic.